I have noticed somewhat unusual behavior with NAT, running a RouterBOARD 962UiGS-5HacT2HnT with RouterOS 6.48.2 in a simple home office setup: WAN, and a bridge interface to some LAN port and wifi.
I do have NAT:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=8.9.10.11 dst-port=22 in-interface=ether1 protocol=tcp to-addresses=192.168.88.100
On the bridge interface, packets with source 1.2.3.4 and destination 192.168.88.100:22 are visible (TX), and in the opposite direction packets with source 192.168.88.100:22 and destination 1.2.3.4 (RX). These returning packets are not visible on ether1 (WAN port).
After a port flap to the server, the SSH service is still accessible from any other public IP, except from 1.2.3.4. I have tried clearing the connection table and waiting a few days; the only way I have found to fix this issue is a reboot of the device. The ARP record is there, ping to the server from the router works, access to SSH from other IPs works, and access to the server via the IPSec tunnel works as well; only the source 1.2.3.4 on the internet can no longer reach the SSH service.
Have you encountered a similar issue? Or do I have an incorrect NAT configuration?